Recently, subscriber Peter Killick had a question about protection from downloads:
I was under the impression that my combination of a router plus a software firewall completely prevented anything ever being downloaded on my computer over the web without my approval, typically indicated by clicking a button.
My router is a Netgear, properly and carefully set up and the default password was replaced on installation. My firewall is the underrated Ashampoo one – actually very efficient, and it always double checks any initial confirmation click on my part.
A firewall program plus a router does not necessarily prevent downloads. The combination only blocks a download when the program attempting it has not been authorized to connect to the Internet.
A program can call home or anywhere else, and can check for updates or anything else, if:
- you have authorized the program to contact the Internet, or
- the firewall program does not check outbound connections (e.g., Windows XP’s built-in firewall), or
- you have the firewall program set NOT to check outbound connection attempts, or
- the firewall program was set by the manufacturer to automatically authorize specific programs to contact the Internet (one of the things I didn’t like about the way the “name brand” firewall programs used to work – and may still work that way, for example “pre-authorize Microsoft programs to connect to the Internet”).
In other words, for legitimate programs, the same method that is used to download definition updates is used to download program updates.
Unfortunately, the same thing is true of malware. If you have told your firewall not to bother you on an outbound request, it won’t. It will accept any outbound attempt from your computer and assume it was legitimate. If the malware wants to download something, it can.
That’s one reason why I think we all need to have antispyware that runs all the time and not just a program that scans only when we tell it to scan.
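The conditions listed above can be checked directly on a current Windows machine. The following PowerShell is an added example, not part of the original newsletter; it assumes Windows 8 or later with the built-in NetSecurity cmdlets and reports only on the Windows firewall, not on third-party firewalls such as the one in the question.

```powershell
# Added example: audit outbound filtering in the built-in Windows firewall.
# Run from an elevated PowerShell prompt.

# 1. Is outbound traffic checked at all? With DefaultOutboundAction = Allow,
#    any program without a matching block rule connects out with no prompt.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore
$profiles | Format-Table Name, Enabled, DefaultOutboundAction -AutoSize

foreach ($p in $profiles) {
    if ($p.Enabled -ne 'True') {
        Write-Warning "$($p.Name): firewall is off, nothing is filtered."
    } elseif ($p.DefaultOutboundAction -ne 'Block') {
        Write-Warning "$($p.Name): outbound connections are allowed by default."
    }
}

# 2. Which programs are already authorized to connect out?
#    Many of these rules ship with Windows rather than being created by you.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore `
    -Direction Outbound -Action Allow -Enabled True

$report = foreach ($r in $rules) {
    $app = $r | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule    = $r.DisplayName
        Group   = $r.DisplayGroup   # usually set on predefined rule sets
        Program = $app.Program      # 'Any' = not tied to one executable
        Package = $app.Package      # set for Store (packaged) apps
    }
}
$report | Sort-Object Program, Rule | Format-Table -AutoSize -Wrap

# 3. Allow rules that are not limited to a program or package let whatever
#    matches their ports and addresses out, including unwanted software.
$broad = $report | Where-Object { $_.Program -eq 'Any' -and -not $_.Package }
"{0} outbound allow rules are not restricted to a specific program." -f @($broad).Count
```

Rules shown with `Program` set to `Any` may still be limited by port, address or service, so review them individually before changing anything.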